From 09a2210c477932c8df40ff820414b3a9bbec10fb Mon Sep 17 00:00:00 2001
From: Rasp8e <bogdan.balamat@ext.ec.europa.eu>
Date: Tue, 17 Oct 2017 15:19:43 +0200
Subject: Adding Proxy-Authorization and extra headers in the case of
 connection through PROXY to HTTPS

---
 plugins/check_http.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

(limited to 'plugins/check_http.c')

diff --git a/plugins/check_http.c b/plugins/check_http.c
index 86a36c20..2e393eb2 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -916,6 +916,21 @@ check_http (void)
 
     if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT);
     asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent);
+    if (strlen(proxy_auth)) {
+      base64_encode_alloc (proxy_auth, strlen (proxy_auth), &auth);
+      xasprintf (&buf, "%sProxy-Authorization: Basic %s\r\n", buf, auth);
+    }
+    /* optionally send any other header tag */
+    if (http_opt_headers_count) {
+      for (i = 0; i < http_opt_headers_count ; i++) {
+        if (force_host_header != http_opt_headers[i]) {
+          xasprintf (&buf, "%s%s\r\n", buf, http_opt_headers[i]);
+        }
+      }
+      /* This cannot be free'd here because a redirection will then try to access this and segfault */
+      /* Covered in a testcase in tests/check_http.t */
+      /* free(http_opt_headers); */
+    }
     asprintf (&buf, "%sProxy-Connection: keep-alive\r\n", buf);
     asprintf (&buf, "%sHost: %s\r\n", buf, host_name);
     /* we finished our request, send empty line with CRLF */
-- 
cgit v1.2.3-74-g34f1


From 22c00bbe47d2bed5e77ad1d494502c4697a86abb Mon Sep 17 00:00:00 2001
From: Stefan Bethke <stb@lassitu.de>
Date: Wed, 10 Oct 2018 00:40:07 +0200
Subject: Docs check_http: make -C obvious

You need to read the docs carefully to realize that check_http has two
modes of operation: the regular HTTP checks, and a TLS certificate
check. Only one of these can be run in a single invocation.

Fixes #1553
---
 plugins/check_http.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

(limited to 'plugins/check_http.c')

diff --git a/plugins/check_http.c b/plugins/check_http.c
index 86a36c20..d540bf7d 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -1532,6 +1532,10 @@ print_help (void)
 
   print_usage ();
 
+#ifdef HAVE_SSL
+  printf (_("In the first form, make an HTTP request."));
+  printf (_("In the second form, connect to the server and check the TLS certificate."));
+#endif
   printf (_("NOTE: One or both of -H and -I must be specified"));
 
   printf ("\n");
@@ -1688,6 +1692,8 @@ print_usage (void)
   printf ("       [-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]\n");
   printf ("       [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]\n");
   printf ("       [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
-  printf ("       [-A string] [-k string] [-S <version>] [--sni] [-C <warn_age>[,<crit_age>]]\n");
+  printf ("       [-A string] [-k string] [-S <version>] [--sni]\n");
   printf ("       [-T <content-type>] [-j method]\n");
+  printf (" %s -H <vhost> | -I <IP-address> -C <warn_age>[,<crit_age>]\n",progname);
+  printf ("       [-p <port>] [-t <timeout>] [-4|-6] [--sni]\n");
 }
-- 
cgit v1.2.3-74-g34f1


From 0a58acc7052d4962d8fe68aeb6919b59dfdef1cf Mon Sep 17 00:00:00 2001
From: Tomas Mozes <hydrapolic@gmail.com>
Date: Wed, 5 Dec 2018 12:50:53 +0100
Subject: plugins: check_http: Increase regexp limit

---
 plugins/check_http.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'plugins/check_http.c')

diff --git a/plugins/check_http.c b/plugins/check_http.c
index 856e1e90..a25f1ec0 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -72,7 +72,7 @@ int maximum_age = -1;
 
 enum {
   REGS = 2,
-  MAX_RE_SIZE = 256
+  MAX_RE_SIZE = 1024
 };
 #include "regex.h"
 regex_t preg;
-- 
cgit v1.2.3-74-g34f1


From a1af8be9781ccdf36087a9e42fa18cfd468f1401 Mon Sep 17 00:00:00 2001
From: Daniel Uhlmann <daniel.uhlmann@t-systems.com>
Date: Thu, 24 Jun 2021 11:37:14 +0200
Subject: changed 'STATE_CRITICAL' to 'STATE_WARNING' for infinite loop

---
 plugins/check_http.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'plugins/check_http.c')

diff --git a/plugins/check_http.c b/plugins/check_http.c
index 0b712665..34fb4f01 100644
--- a/plugins/check_http.c
+++ b/plugins/check_http.c
@@ -1453,8 +1453,8 @@ redir (char *pos, char *status_line)
       !strncmp(server_address, addr, MAX_IPV4_HOSTLENGTH) &&
       (host_name && !strncmp(host_name, addr, MAX_IPV4_HOSTLENGTH)) &&
       !strcmp(server_url, url))
-    die (STATE_WARNING,
-         _("HTTP WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"),
+    die (STATE_CRITICAL,
+         _("HTTP CRITICAL - redirection creates an infinite loop - %s://%s:%d%s%s\n"),
          type, addr, i, url, (display_html ? "</A>" : ""));
 
   strcpy (server_type, type);
-- 
cgit v1.2.3-74-g34f1